CLAIMS




We claim: 

1. A method of controlling access to a desired resource hosted on a
destination server, comprising the steps of:

(a) receiving handshaking packets from a client machine intended to begin 
a session with the destination server; 

(b) redirecting network communications, including the steps of:

redirecting the handshaking packets by rewriting the destination
address in the handshaking packets' IP headers to route the packets to an
access controlling web server;

receiving a content request packet from the client machine destined
for the destination server intended to retrieve the desired resource from the
destination server; and

redirecting the content request packet by rewriting the destination
address in the packet IP header to route the packet to the access controlling
web server;

(c) receiving a response from the access controlling web server; and 

(d) controlling access of the client machine to the desired resource based 
on the response from the access controlling web server. 



2. The method according to claim 1, wherein the step of controlling access to
the desired resource based on the response from the access controlling web server further
comprises the step of:

establishing a connection between the client machine and the destination server if
the response indicates that access to the desired resource is allowable.

3. The method according to claim 2, wherein the content request packet
comprises a GET URL packet.

4. The method according to claim 3, wherein the response indicates that
access to the desired resource is allowable if the access controlling web server does not
recognize the URL of the GET URL packet.

5. The method according to claim 4, further comprising the step of refusing a
connection to the destination server, and establishing instead a connection between the
client machine and the access controlling web server if the response is that the access
controlling web server recognizes the URL of the GET URL packet.

6. The method according to claim 5, wherein the step of establishing a
connection between the client machine and the destination server comprises: resending
the handshaking packets and GET URL packet to the destination server transparently with
respect to the client machine.

7. The method according to claim 6, further comprising the step of
embedding an identity token readable by the access controlling web server in the GET
URL packet, wherein the identity token uniquely identifies the client machine.

8. The method according to claim 6, further comprising the step of
determining whether to redirect network communications based on the content of a
handshaking packet.

9. The method according to claim 8, wherein the step of determining whether
to redirect network communications comprises deciding to redirect network
communications if the handshaking packet is a SYN packet directed to port 80 on the
destination server.

10. The method according to claim 3, wherein the response indicates that
access to the desired resource is allowable if the access controlling web server recognizes
the URL of the GET URL packet.

11. The method according to claim 10, further comprising the step of refusing
a connection to the destination server, and establishing instead a connection between the
client machine and the access controlling web server if the response indicates that the
access controlling web server does not recognise the URL of the GET URL packet.

12. The method according to claim 11, wherein the access controlling web
server is an RSACi Web Server.

13. The method according to claim 11, wherein the step of establishing a
connection between the client machine and the destination server comprises: resending
the handshaking packets and GET URL packet to the destination server transparently with
respect to the client machine.

14. The method according to claim 13, further comprising the step of
embedding an identity token readable by the access controlling web server in the GET
URL packet, wherein the identity token uniquely identifies the client machine.

15. The method according to claim 13, further comprising the step of
determining whether to redirect network communications based on the content of a
handshaking packet.

16. The method according to claim 15, wherein the step of determining
whether to redirect network communications comprises deciding to redirect network
communications if the handshaking packet is a SYN packet directed to port 80 on the
destination server.

17. A computer-readable medium having computer-executable instructions for
controlling access to a desired resource hosted on a destination server comprising the
steps of:

(a) receiving handshaking packets from a client machine intended to begin
a session with the destination server;

(b) redirecting network communications, including the steps of:

redirecting the handshaking packets by rewriting the destination
address in the handshaking packets' IP headers to route the packets to an
access controlling web server;

receiving a content request packet from the client machine destined
for the destination server intended to retrieve the desired resource from the
destination server; and

redirecting the content request packet by rewriting the destination
address in the packet IP header to route the packet to the access controlling
web server;

(c) receiving a response from the access controlling web server; and

(d) controlling access of the client machine to the desired resource based
on the response from the access controlling web server.

18. The computer-readable medium of claim 17, wherein the step of
controlling access to the desired resource based on the response from the access
controlling web server further comprises the step of:

establishing a connection between the client machine and the destination server if
the response indicates that access to the desired resource is allowable.

19. The computer-readable medium of claim 18, wherein the content request
packet comprises a GET URL packet.

20. The computer-readable medium of claim 19, wherein the response
indicates that access to the desired resource is allowable if the access controlling web
server does not recognize the URL of the GET URL packet.

21. The computer-readable medium of claim 20, further comprising the step of
refusing a connection to the destination server, and establishing instead a connection
between the client machine and the access controlling web server if the response is that
the access controlling web server recognizes the URL of the GET URL packet.

22. The computer-readable medium of claim 19, wherein the step of
establishing a connection between the client machine and the destination server
comprises: resending the handshaking packets and GET URL packet to the destination
server transparently with respect to the client machine.

23. The computer-readable medium of claim 22, further comprising the step of
embedding an identity token readable by the access controlling web server in the GET
URL packet, wherein the identity token uniquely identifies the client machine.

24. The computer-readable medium of claim 22, further comprising the step of
determining whether to redirect network communications based on the content of a
handshaking packet.

25. The computer-readable medium of claim 24, wherein the step of
determining whether to redirect network communications comprises deciding to redirect
network communications if the handshaking packet is a SYN packet directed to port 80
on the destination server.

26. The computer-readable medium of claim 19, wherein the response
indicates that access to the desired resource is allowable if the access controlling web
server recognizes the URL of the GET URL packet.

27. The computer-readable medium of claim 26, further comprising the step of
refusing a connection to the destination server, and establishing instead a connection
between the client machine and the access controlling web server if the response indicates
that the access controlling web server does not recognize the URL of the GET URL
packet.

28. The computer-readable medium of claim 27, wherein the access
controlling web server is an RSACi Web Server.

29. The computer-readable medium of claim 27, wherein the step of
establishing a connection between the client machine and the destination server
comprises: resending the handshaking packets and GET URL packet to the destination
server transparently with respect to the client machine.

30. The computer-readable medium of claim 29, further comprising the step of
embedding an identity token readable by the access controlling web server in the GET
URL packet, wherein the identity token uniquely identifies the client machine.

31. The computer-readable medium of claim 29, further comprising the step of
determining whether to redirect network communications based on the content of a
handshaking packet.

32. The computer-readable medium of claim 31, wherein the step of
determining whether to redirect network communications comprises deciding to redirect
network communications if the handshaking packet is a SYN packet directed to port 80
on the destination server.
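
Added example, not part of the patent text: a sketch of the redirect decision in claims 8-9 and the destination rewrite in claim 1(b) on raw IPv4/TCP bytes, showing that rewriting the destination address also requires repairing the IP header checksum and the TCP checksum. The address ACCESS_SERVER, the helper names, the sample packet, and reading "SYN packet" as SYN without ACK are assumptions made for illustration.

```python
import socket
import struct

ACCESS_SERVER = "192.0.2.10"  # assumed address of the access controlling web server

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    # The TCP pseudo-header covers both IP addresses, so a rewrite invalidates it.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return checksum(pseudo + segment)

def should_redirect(packet: bytes) -> bool:
    """Claims 8-9: redirect only a SYN (assumed: without ACK) to TCP port 80."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 20:
        return False
    dport, = struct.unpack_from("!H", packet, ihl + 2)
    return dport == 80 and packet[ihl + 13] & 0x12 == 0x02

def redirect(packet: bytes, new_dst: str = ACCESS_SERVER) -> bytes:
    """Claim 1(b): rewrite the IP destination address, then fix both checksums."""
    ihl = (packet[0] & 0x0F) * 4
    pkt = bytearray(packet)
    pkt[16:20] = socket.inet_aton(new_dst)
    pkt[10:12] = b"\x00\x00"                      # zero before recomputing
    struct.pack_into("!H", pkt, 10, checksum(bytes(pkt[:ihl])))
    pkt[ihl + 16:ihl + 18] = b"\x00\x00"
    tcp_sum = tcp_checksum(bytes(pkt[12:16]), bytes(pkt[16:20]), bytes(pkt[ihl:]))
    struct.pack_into("!H", pkt, ihl + 16, tcp_sum)
    return bytes(pkt)

def build_sample(dst: str, dport: int, flags: int) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus 20-byte TCP header, no payload."""
    src_b, dst_b = socket.inet_aton("198.51.100.7"), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src_b, dst_b, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, src_b, dst_b)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + tcp
```

A checksum recomputed over a header or segment that already carries a valid checksum evaluates to 0, which is how a receiver would validate the rewritten packet.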



